/**
 * Contract source: https://git.io/Jte3T
 *
 * Feel free to let us know via PR if you find something broken in this config
 * file.
 */

import Bouncer from '@ioc:Adonis/Addons/Bouncer'
import User from 'App/Models/User'
import Employee from 'App/Models/Employee'
/*
|--------------------------------------------------------------------------
| Bouncer Actions
|--------------------------------------------------------------------------
|
| Actions allow you to separate your application business logic from the
| authorization logic. Feel free to make use of policies when you find
| yourself creating too many actions.
|
| You can define an action using the `.define` method on the Bouncer object,
| as shown in the following example:
|
| ```
| Bouncer.define('deletePost', (user: User, post: Post) => {
|   return post.user_id === user.id
| })
| ```
|
|****************************************************************
| NOTE: Always export the "actions" const from this file
|****************************************************************
*/

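/** True when the user carries the `admin` role; every employee action treats admins as a full override. */
const isAdmin = (user: User): boolean => user.role === 'admin'

/**
 * Authorization actions for the `employees` resource.
 *
 * By Bouncer convention the first argument of every action is the acting
 * (authenticated) user; any further arguments are passed by the caller at
 * the authorization call site. Non-admins may only read and update their own
 * employee record and may never change contract hours. Each refusal returns
 * `Bouncer.deny()` with a reason string rather than a bare `false`.
 */
export const { actions } = Bouncer
  /** Listing all employees is admin-only. */
  .define('employees.index', (user: User) => {
    if (!isAdmin(user)) {
      return Bouncer.deny('You are not allowed to view all employees')
    }
    return true
  })

  /** An employee record is visible to admins and to the user it belongs to. */
  .define('employees.show', (user: User, employee: Employee) => {
    if (!isAdmin(user) && user.id !== employee.userId) {
      return Bouncer.deny('You are not allowed to view employees other than yourself')
    }
    return true
  })

  /** Creating employees is admin-only. */
  .define('employees.store', (user: User) => {
    if (!isAdmin(user)) {
      return Bouncer.deny('You are not allowed to create any employees')
    }
    return true
  })

  /** Deleting employees is admin-only. */
  .define('employees.destroy', (user: User) => {
    if (!isAdmin(user)) {
      return Bouncer.deny('You are not allowed to delete any employees')
    }
    return true
  })

  /**
   * Updating an employee: admins may edit anyone; other users may edit only
   * their own record and may not touch contract hours.
   *
   * `editContractHours` is not derived here — the caller must compute it from
   * the fields actually present in the submitted payload, otherwise the
   * contract-hours restriction is silently bypassed. Its position before
   * `employee` is kept for existing callers.
   */
  .define('employees.update', (user: User, editContractHours: boolean, employee: Employee) => {
    if (!isAdmin(user) && user.id !== employee.userId) {
      return Bouncer.deny('You are not allowed to edit employees other than yourself.')
    }
    if (!isAdmin(user) && editContractHours) {
      return Bouncer.deny('You are not allowed to edit your contract hours.')
    }
    return true
  })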
/*
|--------------------------------------------------------------------------
| Bouncer Policies
|--------------------------------------------------------------------------
|
| Policies are self-contained actions for a given resource. For example, you
| can create a policy for a "User" resource, one policy for a "Post" resource,
| and so on.
|
| `registerPolicies` accepts a unique policy name and a function that lazily
| imports the policy:
|
| ```
| Bouncer.registerPolicies({
|   UserPolicy: () => import('App/Policies/User'),
|   PostPolicy: () => import('App/Policies/Post')
| })
| ```
|
|****************************************************************
| NOTE: Always export the "policies" const from this file
|****************************************************************
*/

/**
 * Resource policies registered with Bouncer. No policies are registered yet,
 * so an empty map is passed; add `Name: () => import('App/Policies/Name')`
 * entries here as policies are introduced.
 */
const registered = Bouncer.registerPolicies({})
export const policies = registered.policies